Twenty-four vulnerabilities have been found in the hybrid biometric terminal made by ZKTeco, a Chinese manufacturer.
Twenty-four vulnerabilities have been found in the hybrid biometric terminal made by ZKTeco, a Chinese manufacturer. The cybersecurity firm Kaspersky claims that a threat actor can quickly get around the verification procedure and obtain illegal access by inserting random user data into the database or by using a phony QR code. In addition, hackers have the ability to remotely control devices, create backdoors, and steal and divulge biometric data.
Researchers warned that if high-security establishments around the world employ this vulnerable biometric, they could be put at risk. Apart from substituting the QR code, there is an additional captivating physical attack vector. Georgy Kiguradze, Senior Application Security Specialist at Kaspersky, stated that if a malicious person manages to get access to the device’s database, they can take advantage of other flaws to download and print a legitimate user’s photo, which they can then use to trick the device’s camera into opening a secured area.
The researchers claim that the aforementioned biometric scanners are extensively utilized in a variety of settings, including offices, hospitals, and nuclear or chemical plants. These devices have the ability to store thousands of facial templates and offer both face recognition and QR-code authentication. The researchers stated that all results were proactively discussed with the manufacturer prior to being made public. “All the factors underscore the urgency of patching these vulnerabilities and thoroughly auditing the device’s security settings for those using the devices in corporate areas,” Kiguradze stated.
Also read: Unveiling the Ethical Imperatives: Navigating the Intersection of AI and Cybersecurity
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.